> There are a number of standard building blocks (3DES, AES, RSA, HMAC,
> SSL, S/MIME, etc.). While none of these building blocks are known
> to be secure ..
So for the well-meaning naif, a literature search should result in "no
news is good news." Put more plainly, if you looked up hash and didn't
find news of a SHA break, then you should know to use SHA. That assumes
you've heard of SHA in the first place.
Perhaps a few "best practices" papers are in order. They might help
the secure (distributed) computing field a great deal.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
